Changelog
bind9 (1:9.19.21-1) unstable; urgency=high
[ Helmut Grohne ]
* Drop unused Build-Depends: python3. (Closes: #1063448)
[ Ondřej Surý ]
* New upstream version 9.19.21
- CVE-2023-4408: Parsing large DNS messages may cause excessive CPU
load
- CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion
failure when "nxdomain-redirect" is enabled
- CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an
assertion failure during recursive resolution
- CVE-2023-6516: Specific recursive query patterns may lead to an
out-of-memory condition
- CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust
CPU resources
-- Ondřej Surý <email address hidden> Mon, 12 Feb 2024 17:04:19 +0100